<div dir="ltr">Jim<div><br></div><div>Improvements are always possible.</div><div><br></div><div>You are a member of the board and are leading many projects. </div><div><br></div><div>Conflict of interest is at high stake in this position. That is a ticklish zone.</div><div><br></div><div>cheers</div><div><br></div><div>Johanna</div><div><br></div><div><br></div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Sep 2, 2015 at 3:31 PM, Jim Manico <span dir="ltr"><<a href="mailto:jim.manico@owasp.org" target="_blank">jim.manico@owasp.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
  
    
  
  <div bgcolor="#FFFFFF" text="#000000"><span class="">
    > I hope you understand that we did try many things for
    automation.<br>
    <br></span>
    Of course! Life is an evolution. We're going to keep working on it!
    :)<span class=""><br>
    <br>
    > In Openduck all projects are registered and have a 'review this
    project' form where you can provide a start and comments. We tried
    that approach.We made google forms, we made google sheets, we built
    simple  criteria. <br>
    <br></span>
    This is all great, I'm a big fan of openduck. We're likely going to
    keep using it. And we will also put some fresh eyes on it to see if
    we can improve.<span class=""><br>
    <br>
    > A JIRA donated with the help of Norman Yuen to create tasks and
    follow ups, Jonathan Johnson who setup a server with automated
    builds, the SWAMP to built projects ...We did try automation and a
    lot. <br>
    <br></span>
    Great stuff! :)<span class=""><br>
    <br>
    > Before you go and attempt a new thing lets share experience and
    not repeat  same approaches.<br>
    <br></span>
    Johanna, don't worry we're all professionals. Good folks will be
    looking at this. We certainly do not want to re-do things that do
    not need to be re-done.<span class=""><br>
    <br>
    > I hope you understand that after spending 2 years in reviews
    the main problem in my opinion based on my experience, is getting
    the right people to spend time to review. <br>
    <br></span>
    I understand that issue. I hope to find a more streamlined way to
    on-board reviewers for one or two reviews. I have a knack for
    getting folks involved. :) We're on it.<br>
    <br>
    > Is just not simple.<br>
    <br>
    Hahaha! Nothing is simple at OWASP, I agree!<span class=""><br>
    <br>
    > Open source security projects are not simple to test or use <b>this
      part cannot be automated</b>. If you are not a developer with some
    security background  you cannot even test more than half of them.
    Every project has there way to build and install.<br>
    <br></span>
    Well said, I agree.<span class=""><br>
    <br>
    > The automation is already there for handling the review once is
    done.<br>
    <br></span>
    I hear you. We've set a meeting to review everything in place and
    posted that to the project review list. There might be some things
    we can improve, maybe not.<span class=""><br>
    <br>
    > We must create incentives for people to go and review. People
    that have the knowledge capable of reviewing. Example : If you are
    not a (Java)developer how can you test and review CRSFGuard,
    Dependency, Appsensor? HTML sanitiser?  If you are not a .NET
    developer how can you use webgoat.NET or O2 project?<br>
    <br></span>
    I agree, that is something that we plan to discuss.<span class=""><br>
    <br>
    >  I hope you get my point.<br>
    <br></span>
    Completely. As OWASP volunteers step away from important
    initiatives, that is ok! That is part of the flow of OWASP. But as
    some step away, others will step in and take over and try to
    continue that work. I hope you are ok with that and you get my
    points here that we are going to try to make improvements where we
    can and take this seriously!<br>
    <br>
    And Johanna, again, you did amazing work. There are a few areas I
    think can be improved, but I was always hesitant to dive into
    project review that much because I did not want to be a board member
    who was interfering with your work. <br>
    <br>
    I respect that fact that you want to step away. There are tons of
    other things to do at OWASP that would make your happier. I can tell
    by your email the last month or two that you are unhappy with OWASP
    and that certainly effects me. I take everything regarding OWASP
    very personally, especially from super active volunteers like
    yourself.<br>
    <br>
    So when you say, I plan to step away this time, I think you really
    mean it. Since I'm the board liaison for projects, I'm going to step
    in and help Claudia keep this ship sailing. The only thing that is
    constant is change and the way reviews are done will certainly
    change in some ways as a different crew take over. I hope that is ok
    with you. It's just the natural progression of things and no
    disrespect is meant.<br>
    <br>
    Aloha,<br>
    Jim Manico<div><div class="h5"><br>
    <blockquote type="cite">
      <div dir="ltr">
        <div><br>
        </div>
        <div>And yes I do appreciated all the support you have
          personally given me and the Curacao community. It has been a
          great OWASP push from you for caribbean region .</div>
        <div><br>
        </div>
        <div>Cheers and Aloha</div>
        <div><br>
        </div>
        <div>Johanna</div>
      </div>
      <div class="gmail_extra"><br>
        <div class="gmail_quote">On Wed, Sep 2, 2015 at 2:52 PM, Jim
          Manico <span dir="ltr"><<a href="mailto:jim.manico@owasp.org" target="_blank">jim.manico@owasp.org</a>></span>
          wrote:<br>
          <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
            <div dir="auto">
              <div>Johanna,</div>
              <div><br>
              </div>
              <div>I want you to know that your work is going to
                continue. We're looking to automate more of the review
                process, we going to onboard new reviewers carefully and
                also take a second look at the processes in place. I
                hope this is a good thing in your mind. I personally
                think it's a very important part of the foundation and
                I've thanked you more times than I can count.</div>
              <div><br>
              </div>
              <div>I even flew to your home island to give you your
                WASPY award in person. Don you know why I did that? No
                it was not for vacation, I live on a vacation island
                already. ;) I flew to Curacao because I believe in what
                you are doing and wanted to thank you in person.</div>
              <div><br>
              </div>
              <div>Project reviews and projects in general are very
                important to the foundation and I plan to assist Claudia
                and staff as they see fit to keep the review party
                going.</div>
              <div><br>
              </div>
              <div>I would not be able to even say that if it were not
                for the massive efforts from you over the past few
                years. Thank you!</div>
              <div><br>
                Aloha,<br>
                <div>--</div>
                <div>Jim Manico</div>
                <div>
                  <div>
                    <div style="word-wrap:break-word">
                      <div><span style="background-color:rgba(255,255,255,0)">Global
                          Board Member</span></div>
                      <span style="background-color:rgba(255,255,255,0)">OWASP
                        Foundation</span>
                      <div><a href="https://www.owasp.org/" style="background-color:rgba(255,255,255,0)" target="_blank"><font color="#000000">https://www.owasp.org</font></a></div>
                    </div>
                  </div>
                  <div><span style="background-color:rgba(255,255,255,0)">Join
                      me at <a href="http://appsecusa.org/" target="_blank">AppSecUSA</a> 2015!</span></div>
                </div>
              </div>
              <div>
                <div>
                  <div><br>
                    On Sep 2, 2015, at 8:41 AM, Josh Sokol <<a href="mailto:josh.sokol@owasp.org" target="_blank"></a><a href="mailto:josh.sokol@owasp.org" target="_blank">josh.sokol@owasp.org</a>>
                    wrote:<br>
                    <br>
                  </div>
                  <blockquote type="cite">
                    <div>
                      <div dir="ltr">
                        <div>
                          <div>Johanna,<br>
                            <br>
                          </div>
                          You have both my attention and my support with
                          this initiative and I agree that it's, at
                          least at this point in time, a far better use
                          of our time than in trying to wrangle with
                          project reviews and whatnot.  You did a
                          fantastic job with those for a very long time
                          and with little recognition for it, though I
                          do think you won a WASPY for it, didn't you? 
                          At least that's something.  In any case, let's
                          figure out how to build those stairs to reach
                          those bananas.  If it requires changing some
                          policies to make funds more accessible, then I
                          can definitely help to push those changes. 
                          What policies currently stand in your way (ie.
                          what is the rationale for being told "no")? 
                          What new policies would be reasonable.  What
                          is a reasonable approach to making sure that
                          limited funds are spent on the things that
                          matter most and in alignment with the OWASP
                          mission?<br>
                          <br>
                        </div>
                        ~josh<br>
                      </div>
                      <div class="gmail_extra"><br>
                        <div class="gmail_quote">On Wed, Sep 2, 2015 at
                          12:05 PM, johanna curiel curiel <span dir="ltr"><<a href="mailto:johanna.curiel@owasp.org" target="_blank">johanna.curiel@owasp.org</a>></span>
                          wrote:<br>
                          <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
                            <div dir="ltr">
                              <div><span style="font-size:13px">>I
                                  certainly cannot speak for all
                                  Projects, but every time I tried to
                                  get the things I needed for a project,
                                  I got either a deny or a big silence.
                                  so the first thing needed is, if there
                                  is money available, more communication
                                  and an easy way to get to it[....] </span><span style="font-size:13px">In summary, my
                                  experience in getting money or support
                                  for OWASP projects is bad. IMHO, this
                                  is why so many projects die.</span></div>
                              <div><span style="font-size:13px">[...]</span><span style="font-size:13px">And lastly, I
                                  did not compare Chapters and Projects.
                                  I did compare the treatment that they
                                  get from OWASP.</span></div>
                              <div><br>
                              </div>
                              <div>You are not the only one with the
                                same issues. I have the same experience
                                too and as also many others. </div>
                              <div><br>
                              </div>
                              <div>Let's accept that we have a problem
                                and no, I don't blame the Board for
                                that, but I'm asking your attention and
                                we have to admit that we need to work on
                                this. And the person asking your
                                attention is a volunteer who has
                                dedicated her time the last 3 years
                                trying to improve a system and
                                contributing in multiple activities, I
                                think I deserve a small acknowledgement
                                for that.</div>
                              <div><br>
                              </div>
                              <div>This is part of the evolution OWASP
                                is having from small to bigger
                                organisation. A natural process. From US
                                to Global.<br>
                                <div><span style="font-size:13px"><br>
                                  </span></div>
                                <div>What I mean with a good platform in
                                  place is more than money in the
                                  community fund. </div>
                                <div><br>
                                </div>
                                <div>That money  feels like a banana
                                  hanging too high to reach and no
                                  stairs to reach it for project
                                  leaders.</div>
                                <div><br>
                                </div>
                                <div>Platform means communication,
                                  managing resources , support and much
                                  more. And money helps but a good plan
                                  is necessary.</div>
                              </div>
                              <div><br>
                              </div>
                              <div>It means having the stair (the
                                platform) to make available those funds,
                                so they become available.</div>
                              <div><br>
                              </div>
                              <div>And I know that the problem is we
                                have not work on creating the 'stair'. </div>
                              <div><br>
                              </div>
                              <div>This is where I want to dedicate my
                                efforts so I will submit to form a
                                committee to create the stair for better
                                development of OWASP projects. I care
                                about them, I use them I want to see
                                fair opportunities for everyone.</div>
                              <div><br>
                              </div>
                            </div>
                            <div>
                              <div>
                                <div class="gmail_extra"><br>
                                  <div class="gmail_quote">On Wed, Sep
                                    2, 2015 at 11:42 AM, Lucas Ferreira
                                    <span dir="ltr"><<a href="mailto:lucas.ferreira@owasp.org" target="_blank"></a><a href="mailto:lucas.ferreira@owasp.org" target="_blank">lucas.ferreira@owasp.org</a>></span>
                                    wrote:<br>
                                    <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
                                      <div dir="ltr">Josh,<br>
                                        <br>
                                        I certainly cannot speak for all
                                        Projects, but every time I tried
                                        to get the things I needed for a
                                        project, I got either a deny or
                                        a big silence. so the first
                                        thing needed is, if there is
                                        money available, more
                                        communication and an easy way to
                                        get to it.<br>
                                        <br>
                                        I will put here my experience.
                                        Others can say if they face
                                        similar issues or not.<br>
                                        <br>
                                        First, as part of the <a href="https://www.owasp.org/index.php/OWASP_Brasil_Manifesto" target="_blank"></a><a href="https://www.owasp.org/index.php/OWASP_Brasil_Manifesto" target="_blank">https://www.owasp.org/index.php/OWASP_Brasil_Manifesto</a>,
                                        I tried to get money to pay for
                                        a professional public relations
                                        person/company to help us
                                        promote the manifesto to the
                                        Brazilian congress. I learnt the
                                        hard way (from organizing AppSec
                                        conferences) that a good PR
                                        person can make a real
                                        difference. At the time, I asked
                                        for USD 2600 to pay the PR but
                                        could not get the money.<br>
                                        <br>
                                        Second, as part of <a href="https://www.owasp.org/index.php/OWASP_File_Hash_Repository" target="_blank"></a><a href="https://www.owasp.org/index.php/OWASP_File_Hash_Repository" target="_blank">https://www.owasp.org/index.php/OWASP_File_Hash_Repository</a>,
                                        I needed a server to use to
                                        deploy the initial code and help
                                        collecting data. I also needed a
                                        DNS entry. I ended up paying for
                                        the VM myself and used my own
                                        private domain for the DNS
                                        because I could not get it from
                                        OWASP.
                                        <div><br>
                                        </div>
                                        <div>Lastly, as part of <a href="https://www.owasp.org/index.php/OWASP_Portuguese_Language_Project" target="_blank"></a><a href="https://www.owasp.org/index.php/OWASP_Portuguese_Language_Project" target="_blank">https://www.owasp.org/index.php/OWASP_Portuguese_Language_Project</a>,
                                          we tried to get money to hire
                                          translators and professional
                                          writers to work with the more
                                          tech oriented volunteers with
                                          no luck.</div>
                                        <div><br>
                                        </div>
                                        <div>In summary, my experience
                                          in getting money or support
                                          for OWASP projects is bad.
                                          IMHO, this is why so many
                                          projects die.</div>
                                        <div><br>
                                        </div>
                                        <div>And just to be sure, unlike
                                          Johanna, I think money is a
                                          big issue as it could be used
                                          to remove some of the load
                                          from volunteers. An example is
                                          the translation projects: we
                                          could leverage the knowledge
                                          of our network of volunteers,
                                          without requiring them to do
                                          all the work, by relying on
                                          professional services. So, the
                                          issue is to have money to buy
                                          the services needed by the
                                          projects, from VMs to
                                          professional services.</div>
                                        <div><br>
                                        </div>
                                        <div>And lastly, I did not
                                          compare Chapters and Projects.
                                          I did compare the treatment
                                          that they get from OWASP.</div>
                                        <div><br>
                                        </div>
                                        <div>Regards,</div>
                                        <div><br>
                                        </div>
                                        <div>Lucas
                                          <div>
                                            <div><br>
                                              <br>
                                              <div class="gmail_quote">
                                                <div dir="ltr">On Wed,
                                                  Sep 2, 2015 at 5:06 PM
                                                  Josh Sokol <<a href="mailto:josh.sokol@owasp.org" target="_blank"></a><a href="mailto:josh.sokol@owasp.org" target="_blank">josh.sokol@owasp.org</a>>
                                                  wrote:<br>
                                                </div>
                                                <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
                                                  <div dir="ltr">
                                                    <div>
                                                      <div>I believe
                                                        Johanna said
                                                        "It's not about
                                                        money".  Every
                                                        time I hear
                                                        someone say that
                                                        it is, I cringe
                                                        a little because
                                                        I know that we
                                                        allocated
                                                        $50,000 in
                                                        Community
                                                        Engagement
                                                        Funding this
                                                        year to projects
                                                        alone and have
                                                        $15,650 of that
                                                        remaining (<a href="https://owasp.org/index.php/Community_Engagement_-_Payments" target="_blank"></a><a href="https://owasp.org/index.php/Community_Engagement_-_Payments" target="_blank">https://owasp.org/index.php/Community_Engagement_-_Payments</a>). 
                                                        I also know that
                                                        if there's a
                                                        need that goes
                                                        beyond what is
                                                        budgeted, we
                                                        have ways to
                                                        make that happen
                                                        outside of this
                                                        channel.  For
                                                        example, when
                                                        Dinis asked for
                                                        $100,000 for a
                                                        Project Summit,
                                                        we said "Give us
                                                        a plan and we'll
                                                        discuss."  <br>
                                                        <br>
                                                        I also cringe
                                                        when I hear
                                                        people compare
                                                        the Projects to
                                                        the Chapters or
                                                        vice versa. 
                                                        They are both
                                                        unique and
                                                        important to
                                                        OWASP.  Both
                                                        have needs that
                                                        we need to
                                                        satisfy. 
                                                        Chapters have
                                                        historically
                                                        been more
                                                        successful in
                                                        fundraising
                                                        because of the
                                                        large volume of
                                                        people involved
                                                        with them, but
                                                        that doesn't
                                                        make them better
                                                        or worse.  Just
                                                        different. 
                                                        Let's be honest,
                                                        the Chapter
                                                        model of
                                                        fundraising
                                                        doesn't really
                                                        work for
                                                        Projects. 
                                                        That's ok...we
                                                        just need to
                                                        find other
                                                        ways.  <br>
                                                        <br>
                                                      </div>
                                                      So, let's assume
                                                      that money is not
                                                      an issue.  What
                                                      are the needs that
                                                      our Projects have
                                                      that OWASP is not
                                                      currently
                                                      fulfilling.  I
                                                      don't claim to be
                                                      an expert on
                                                      Projects.  I don't
                                                      routinely work
                                                      with them and the
                                                      one project that I
                                                      tried to start at
                                                      OWASP died a very
                                                      quick death.  It
                                                      was an issue with
                                                      time and
                                                      volunteerism,
                                                      though, and had
                                                      nothing to do with
                                                      the OWASP
                                                      platform.  I
                                                      understand and
                                                      agree that it's
                                                      not about things
                                                      you can get for
                                                      free like GitHub
                                                      or wiki pages. 
                                                      So, what is it? 
                                                      What do you need? 
                                                      We have an
                                                      in-house graphic
                                                      designer.  We have
                                                      companies that we
                                                      work with for
                                                      publishing.  We
                                                      hired a full-time
                                                      person to help
                                                      with projects.  If
                                                      there are needs
                                                      that aren't being
                                                      met here, then
                                                      what are they? 
                                                      What can OWASP do
                                                      to make Projects
                                                      more successful? 
                                                      <br>
                                                      <br>
                                                    </div>
                                                  </div>
                                                  <div dir="ltr">~josh<br>
                                                  </div>
                                                  <div class="gmail_extra"><br>
                                                    <div class="gmail_quote">On
                                                      Wed, Sep 2, 2015
                                                      at 9:39 AM, Lucas
                                                      Ferreira <span dir="ltr"><<a href="mailto:lucas.ferreira@owasp.org" target="_blank"></a><a href="mailto:lucas.ferreira@owasp.org" target="_blank">lucas.ferreira@owasp.org</a>></span>
                                                      wrote:<br>
                                                      <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
                                                        <div dir="ltr">Dear
                                                          Johanna,<span>
                                                          <div><br>
                                                          </div>
                                                          <div>it is
                                                          very sad that
                                                          you are
                                                          stepping down,
                                                          but you nailed
                                                          it when you
                                                          said:</div>
                                                          <div><br>
                                                          </div>
                                                          <div>"<span style="line-height:1.5">I
                                                          hope that in
                                                          the future
                                                          there is a
                                                          clear
                                                          perspective
                                                          how to help
                                                          projects
                                                          develop
                                                          better. So far
                                                          I have not
                                                          seen major
                                                          initiatives
                                                          directed on
                                                          improving a
                                                          platform. A
                                                          platform is
                                                          not a wiki
                                                          page, not a
                                                          github
                                                          account, these
                                                          things are
                                                          already free
                                                          without OWASP
                                                          support."</span></div>
                                                          <div><span style="line-height:1.5"><br>
                                                          </span></div>
                                                          </span>
                                                          <div><span style="line-height:1.5">For
                                                          a long time
                                                          already, I
                                                          have the same
                                                          feeling that
                                                          OWASP is
                                                          always
                                                          discussing
                                                          about chapters
                                                          and their bank
                                                          accounts and
                                                          never about
                                                          projects. I
                                                          just hope one
                                                          day OWASP will
                                                          be able to see
                                                          that projects
                                                          are what makes
                                                          OWASP known
                                                          and respected.</span></div>
                                                          <div><span style="line-height:1.5"><br>
                                                          </span></div>
                                                          <div>I have
                                                          talked to a
                                                          few leaders of
                                                          open-source
                                                          projects about
                                                          bringing their
                                                          projects to
                                                          OWASP and, in
                                                          the end, the
                                                          feeling is
                                                          that all they
                                                          would get is
                                                          the ability to
                                                          benefit from
                                                          the OWASP
                                                          "brand". We
                                                          should offer
                                                          project
                                                          leaders more
                                                          than the
                                                          opportunity to
                                                          beg chapters
                                                          for money.</div>
                                                          <div><br>
                                                          </div>
                                                          <div>Regards
                                                          and good luck,</div>
                                                          <div><br>
                                                          </div>
                                                          <div>Lucas</div>
                                                        </div>
                                                        <br>
                                                        <div class="gmail_quote">
                                                          <div>
                                                          <div>
                                                          <div dir="ltr">On
                                                          Wed, Sep 2,
                                                          2015 at 4:19
                                                          PM johanna
                                                          curiel curiel
                                                          <<a href="mailto:johanna.curiel@owasp.org" target="_blank"></a><a href="mailto:johanna.curiel@owasp.org" target="_blank">johanna.curiel@owasp.org</a>>
                                                          wrote:<br>
                                                          </div>
                                                          </div>
                                                          </div>
                                                          <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
                                                          <div>
                                                          <div>
                                                          <div dir="ltr">Members
                                                          of the board ,
                                                          <div><br>
                                                          </div>
                                                          <div>I have
                                                          decided to
                                                          step down from
                                                          the project
                                                          reviews
                                                          activities.</div>
                                                          <div><br>
                                                          </div>
                                                          <div>I have
                                                          been doing
                                                          continues
                                                          reviews the
                                                          last 2 years,
                                                          especially the
                                                          last year I
                                                          was quite
                                                          involved in a
                                                          major clean up
                                                          in the project
                                                          inventory,
                                                          together with
                                                          other members
                                                          that
                                                          participated
                                                          in and on/off
                                                          basis.</div>
                                                          <div><br>
                                                          </div>
                                                          <div>That does
                                                          not mean I'll
                                                          step down from
                                                          every activity
                                                          I have been
                                                          working on the
                                                          last years at
                                                          OWASP. Indeed,
                                                          now I'll focus
                                                          my attention
                                                          in those
                                                          activities
                                                          that I feel
                                                          have provided
                                                          me with higher
                                                          level of
                                                          reward and a
                                                          grateful
                                                          feeling. </div>
                                                          <div><br>
                                                          </div>
                                                          <div>Unfortunately,
                                                           I cannot say
                                                          the same for
                                                          reviewing
                                                          projects. The
                                                          greatest
                                                          reward I had
                                                          from that
                                                          activity is
                                                          what I learned
                                                          from many
                                                          project for
                                                          the last 2
                                                          years, not
                                                          just looking,
                                                          but download ,
                                                          testing and
                                                          using them and
                                                          volunteering
                                                          on their
                                                          activities.</div>
                                                          <div><br>
                                                          </div>
                                                          <div> It is a
                                                          ticklish
                                                          activity that
                                                          have provided
                                                          me very little
                                                          satisfaction
                                                          but
                                                          disappointment.
                                                          Never seems to
                                                          be enough even
                                                          when people
                                                          have little
                                                          idea how much
                                                          time is needed
                                                          to use an open
                                                          source project
                                                          , let alone
                                                          understand it.
                                                          I'm a
                                                          volunteer ,
                                                          not an OWASP
                                                          employee. Lets
                                                          clarify that
                                                          for people
                                                          that might
                                                          read this.</div>
                                                          <div><br>
                                                          </div>
                                                          <div>I think
                                                          Claudia  , as
                                                          her
                                                          predecessor,
                                                          Kait-Disney
                                                          did, can
                                                          surely help
                                                          maintain
                                                          inactive/active
                                                          projects
                                                          monitoring.
                                                          Another
                                                          ticklish
                                                          activity that
                                                          we hear many
                                                          complains
                                                          regarding
                                                          inactive
                                                          projects
                                                          wanted to keep
                                                          alive.
                                                          Political
                                                          driven
                                                          necessities to
                                                          have wiki
                                                          pages of empty
                                                          projects,
                                                          thats what we
                                                          finished and
                                                          hope you can
                                                          continue for
                                                          the sake of
                                                          users.</div>
                                                          <div><br>
                                                          </div>
                                                          <div>The
                                                          actual
                                                          situation is
                                                          that Project
                                                          leaders are
                                                          definitely on
                                                          their own, and
                                                          they should
                                                          understand
                                                          that: when it
                                                          comes to
                                                          having a
                                                          platform at
                                                          OWASP for
                                                          developing
                                                          projects, they
                                                          have very
                                                          little support
                                                          on this.</div>
                                                          <div><br>
                                                          </div>
                                                          <div>It's not
                                                          about money,
                                                          is about a
                                                          platform, a
                                                          process and a
                                                          way to be able
                                                          to make a
                                                          project a
                                                          reality no
                                                          matter if you
                                                          are in India,
                                                          Pakistan, or
                                                          Africa. The
                                                          inequality
                                                          between these
                                                          worlds is very
                                                          obvious when
                                                          we look at
                                                           projects in
                                                          US or EU
                                                          compare to
                                                          'developing
                                                          countries'.
                                                          Big security
                                                          companies are
                                                          not behind
                                                          these leaders
                                                           to support
                                                          them with time
                                                          or resources. <br>
                                                          </div>
                                                          <div><br>
                                                          </div>
                                                          <div>I hope
                                                          that in the
                                                          future there
                                                          is a clear
                                                          perspective
                                                          how to help
                                                          projects
                                                          develop
                                                          better. So far
                                                          I have not
                                                          seen major
                                                          initiatives
                                                          directed on
                                                          improving a
                                                          platform. A
                                                          platform is
                                                          not a wiki
                                                          page, not a
                                                          github
                                                          account, these
                                                          things are
                                                          already free
                                                          without OWASP
                                                          support.</div>
                                                          <div><br>
                                                          </div>
                                                          <div>I think
                                                          people hoping
                                                          to secure
                                                          their web
                                                          applications
                                                          using OWASP
                                                          tools, can
                                                          have better
                                                          ways for doing
                                                          it if more
                                                          energy is
                                                          directed
                                                          towards
                                                          supporting a
                                                          better
                                                          structure for
                                                          developing
                                                          OWASP
                                                          projects.</div>
                                                          <div><br>
                                                          </div>
                                                          <div>This is
                                                          where my
                                                          energy will be
                                                          from now on.
                                                          Hopefully with
                                                          the right
                                                          support.</div>
                                                          <div><br>
                                                          </div>
                                                          <div><br>
                                                          </div>
                                                          <div>Regards</div>
                                                          <div><br>
                                                          </div>
                                                          <div>Johanna</div>
                                                          </div>
                                                          </div>
                                                          </div>
_______________________________________________<br>
                                                          Governance
                                                          mailing list<br>
                                                          <a href="mailto:Governance@lists.owasp.org" target="_blank"></a><a href="mailto:Governance@lists.owasp.org" target="_blank">Governance@lists.owasp.org</a><br>
                                                          <a href="https://lists.owasp.org/mailman/listinfo/governance" rel="noreferrer" target="_blank"></a><a href="https://lists.owasp.org/mailman/listinfo/governance" target="_blank">https://lists.owasp.org/mailman/listinfo/governance</a><br>
                                                          </blockquote>
                                                        </div>
                                                        <br>
_______________________________________________<br>
                                                        Governance
                                                        mailing list<br>
                                                        <a href="mailto:Governance@lists.owasp.org" target="_blank"></a><a href="mailto:Governance@lists.owasp.org" target="_blank">Governance@lists.owasp.org</a><br>
                                                        <a href="https://lists.owasp.org/mailman/listinfo/governance" rel="noreferrer" target="_blank"></a><a href="https://lists.owasp.org/mailman/listinfo/governance" target="_blank">https://lists.owasp.org/mailman/listinfo/governance</a><br>
                                                        <br>
                                                      </blockquote>
                                                    </div>
                                                    <br>
                                                  </div>
                                                </blockquote>
                                              </div>
                                            </div>
                                          </div>
                                        </div>
                                      </div>
                                    </blockquote>
                                  </div>
                                  <br>
                                </div>
                              </div>
                            </div>
                          </blockquote>
                        </div>
                        <br>
                      </div>
                    </div>
                  </blockquote>
                  <blockquote type="cite">
                    <div><span>_______________________________________________</span><br>
                      <span>Governance mailing list</span><br>
                      <span><a href="mailto:Governance@lists.owasp.org" target="_blank">Governance@lists.owasp.org</a></span><br>
                      <span><a href="https://lists.owasp.org/mailman/listinfo/governance" target="_blank">https://lists.owasp.org/mailman/listinfo/governance</a></span><br>
                    </div>
                  </blockquote>
                </div>
              </div>
            </div>
          </blockquote>
        </div>
        <br>
      </div>
    </blockquote>
    <br>
    <pre cols="72">-- 
Jim Manico
Global Board Member
OWASP Foundation
<a href="https://www.owasp.org" target="_blank">https://www.owasp.org</a>
Join me at AppSecUSA 2015!</pre>
  </div></div></div>

</blockquote></div><br></div>